Category Archives: culture

The dismembering of the Government Digital Service is underway, says Andrew Greenway, a former programme manager working on digital projects for the Cabinet Office. He now works as an independent consultant.

Paul Downey, GDS’s Technical Architect – who is described by former colleagues as a “legend” and “national treasure” – has left to join the Ministry of Housing, Communities and Local Government.

Downey is the latest in a long line of leading government technologists to leave GDS, which will confirm in the minds of many that Sir Humphrey has won the campaign to stop GDS interfering in the 100 year-old autonomy of individual government departments.

Cabinet Office minister Francis Maude and entrepreneur Martha Lane Fox set up GDS in 2011 to break down departmental silos and have a “single version of the truth” for everything that government touches.

Former prime minister David Cameron said the creation of GDS “is one of the great unsung triumphs of the last Parliament”

Downey helped departments to create new digital services. He represented GDS on the UK government Open Standards Board. Formerly he was BT’s Chief Web Services Architect.

In reply to Downey’s tweet announcing his departure, Stephen Foreshew-Cain, former Executive Director of GDS, tweeted, “When people talked about standing on the shoulders of giants, they were talking about you.”

Tom Loosemore, founder of GDS who, in 2012, wrote the Government Digital Strategy for GDS, also tweeted praise for Downey.

Loosemore left GDS in 2015 for the Co-op group. In an interview shortly after leaving, Loosemore said, “The shape of government needs to change … Businesses don’t run on siloed departments any more and neither should government.”

Liam Maxwell, National Technology Adviser at HM Government who used to be the government’s chief technology officer and who ran teams at GDS, tweeted,”You have been total inspiration to me and hundreds of others”.

Dismembering

Greenway said GDS retains people, prestige and power. “There is no question that the civil service is in a much stronger position on digital than it was six years ago. Some of the work going on in government, including the teams in GDS building digital platforms, remains world-leading”.

Despite bleeding skills elsewhere, GDS has not experienced a terminal brain drain, says Greenway. “Many of those who have stayed are doing a heroic job in trying circumstances.”

But he added that officials working on digital programmes in other departments describe the GDS team as well-meaning but increasingly peripheral.

It now looks as if the Department of Digital, Culture, Media and Sport will take over from GDS. But Greenway warns against replacing a weakened centre with diffuse departmental effort.

“The point of GDS was to have a single team that could act as the voice of users for government as a whole. To do that well, it needed a mandate covering data as well as design, operations and technology. It also had to have a clear mission. Increasingly, it has neither of these.

“The departmental shape of government gives no incentive for any non-central department to step in. It is a great shame that the two most well-placed advocates for an effective centre — the Treasury and Sir Jeremy Heywood — have proved unable or unwilling to stop the rot …

“The dismembering of GDS is underway.”

Comment

GDS was a great idea. But Sir Humphries tend not to like great ideas if they mean internal change. Permanent secretaries are appointed on the basis that they are a safe pair of hands. Safe in this context means three things:

talking daily of the need for large-scale “transformative” change while ensuring it doesn’t happen.

Thus, for the past few years, GDS professionals have found that top civil servants want central government departments to continue to be run as separate bureaucratic empires with their uniqueness and administrative traditions preserved.

GDS technologists, on the other hand, want to cut the costs of running Whitehall and the wider public sector while making it easier for the public to interact with government. This puts GDS at odds with Whitehall officials who believe that each departmental board knows best how to run its department.

In the long run GDS cannot win – because it was set up by politicians who wanted change but whose stewardship was temporary while the will to dismember GDS comes from the permanent secretariat who do not welcome change and have the power to resist it.

More’s the pity because taxpayers will continue to spend a fortune on preserving departmental silos and huge, unnecessarily-complex technology contracts.

Today’s Financial Times and other newspapers cover a National Audit Office report into GP clinical notes and correspondence, some of it urgent, that was not directed to the patient’s GP.

The correspondence was archived by Capita under its contract to provide GP support services. But patient notes were still “live”. They included patient invitation letters, treatment/diagnosis notes, test results and documents/referrals marked ‘urgent’.

What isn’t well reported is that ministers were left in the dark about the problems for more than a year. The National Audit Office does not blame anyone – its remit does not include questioning policy decisions – but its report is impressive in setting out of the facts.

Before NHS England outsourced GP support services to Capita in 2015, GPs practices sent correspondence for patients that were not registered at their practice to local primary care services centres, which would attempt to redirect the mail.

By the time Capita took over GP support services on 1 September 2015, GPs were supposed to “return to sender” any correspondence that was sent to them incorrectly – and not send it to primary care services centres that were now run, in part, by Capita.

But some GPs continued to send incorrectly-addressed correspondence to the primary care services centres. Capita’s contract did not require it to redirect clinical correspondence.

An unknown number of GP practices continued to send mail to the centres, expecting the centre’s staff to redirect it. A further complication was that Capita had “transformation” plans to cut costs by closing the primary care services support centres.

Capita made an inventory of all records at each site and shared this with NHS England. The inventories made reference to ‘clinical notes’ but at this point no one identified these notes as live clinical correspondence. Capita stored the correspondence in its archive.

In line with its contract, Capita did not forward the mail. It was not until May 2016 – eight months after Capita took over the primary care services centres – that Capita told a member of NHS England’s primary care support team that there was a problem with an unquantified accumulation of clinical notes.

It was a further five months before Capita formally reported the incident to NHS England. At that time Capita estimated that there was an accumulation of hundreds of thousands of clinical notes. When the National Audit Office questioned Capita on the matter, it replied that, with hindsight, it believes it could have reported the backlog sooner.

In November 2016, Capita and NHS England carried out initial checks on the reported backlog of 580,000 clinical notes. It wasn’t until December 2016 that ministers were informed of problems – more than a year after Capita took over the contract.

Even in December 2016 ministers were not fully informed. Information about a backlog of live clinical notes was within in a number of items in the quarterly ministerial reports. NHS England did not report the matter to the Department of Health until April 2017 – about two years after the problems began.

Even then, officials told ministers that clinical notes had been sampled and were considered “low clinical and patient risk”. But a later study by NHS England’s National Incident Team identified a backlog of 1,811 high priority patient notes such as documents deemed to be related to screening or urgent test results.

The National Audit Office says, “NHS England expects to know by March 2018 whether there has been any harm to patients as a result of the delay in redirecting correspondence. NHS England will investigate further where GPs have identified that there could be potential harm to patients. The review will be led by NHS England’s national clinical directors, with consultant level input where required.”

Last month Richard Vautrey, chairman of British Medical Association’s General Practitioners Committee, wrote to the NHS Chief Executive Simon Stevens criticising a lack of substantial improvement on Capita’s contract to run primary care service centres.

In December, the GP Committee surveyed practices and individual GPs on the Capita contract. The results showed a little improvement across all service lines, when compared to its previous survey in October 2016, but a “significant deterioration” in some services. Vautrey’s letter said,

“While any new organisation takes time to take over services effectively, the situation has gone from bad to worse since Capita took over the PCSE [Primary Care Support England] service almost two and a half years ago …

“This situation is completely unacceptable. As a result of the lack of improvement in the service delivery of PCSE we are now left with no option but to support practices and individual doctors in taking legal routes to seek resolution. While this is taking place, we believe it is imperative that NHS England conducts a transparent and comprehensive review of all policy, procedures and processes used by PCSE across each service line.”

Comment:

It’ll be clear to some who read the NAO report that the problems with urgent patient notes going astray or being put mistakenly into storage, stems from NHS England’s decision to outsource a complex range of GP support services without fully considering – or caring about – what could go wrong.

It’s not yet known if patients have come to harm. It’s clear, though, that patients have been caught in the middle of a major administrative blunder that has complex causes and for which nobody in particular can be held responsible.

That ministers learned of a major failure on a public sector outsourcing deal over a year after live patient notes began to be archived is not surprising.

About four million civil and public servants have strict rules governing confidentiality. There are no requirements for civil and public service openness except when it comes to the Freedom of Information Act which many officials can – and do – easily circumvent.

Even today, the fourth year of Capita’s contract to run GP support services, the implications for patients of what has gone wrong are not yet fully known or understood.

It’s a familiar story: a public sector blunder for which nobody will take responsibility, for which nobody in particular seems to care about, and for which the preoccupation of officialdom will be to continue playing down the implications or not say anything at all.

Why would they be open when there is no effective requirement for it? It’s a truism that serious problems cannot be fixed until they are admitted. In the public sector, serious problems on large IT-related contracts are not usually fixed until the seriousness of the problems can no longer be denied.

For hundreds of years UK governments have struggled to reconcile a theoretical desire for openness with an instinctive and institutional need to hide mistakes. Nothing is likely to change now.

A government-commissioned review yesterday backed a Bill that could, if enacted and applied to Whitehall generally, prevent billions of pounds being lost on wasteful projects.

The Public Authority Accountability Bill – known informally as the Hillsborough Law – would establish an offence of intentionally or recklessly misleading the public, media or court proceedings.

It would also impose a legal requirement on public authorities to act with candour, transparency and frankness when things go wrong.

Although the Bill was a reaction, in part, to the cover up by public authorities of their failings in the light of Hillsborough, it could, if enacted, deter public authorities from covering up failings generally – including on major IT programmes.

For decades public authorities have had the freedom – unrestricted by any legislation – to cover up failures and issue misleading statements to the public, Parliament and the media.

In the IT sphere, early problems with the Universal Credit IT programme were kept secret and misleadingly positive statements issued. The National Audit Office later criticised a “good news” culture on the Universal Credit programme.

And still the DWP is fighting to block the disclosure of five project assessment reviews that were carried out on the Universal Credit IT programme between 2012 and 2015.

It could be argued that billions of pounds lost on the NPfIT – the National Programme for IT in the NHS – would have been avoided if the Department of Health had been open and candid at the start of the programme about the programme’s impractically ambitious aims, timescales and budgets.

The Department for Business, Energy and Industrial Strategy is currently keeping secret its progress reports on the £111bn smart meters rollout – which independent experts have said is a failing programme. The department routinely issues positive statements to the media on the robust state of the programme.

The Public Authority Accountability Bill was drafted by lawyers who had been involved with representing bereaved Hillsborough families. It is aimed mainly at government inquiries, court proceedings and investigations into lapses of public services.

But it would also enshrine into law a duty on public authorities, public servants, officials and others to act within their powers with “transparency, candour and frankness”.

Lawyers who drafted the Bill refer on their website to “institutional defensiveness and a culture of denial” when things go wrong. They say,

“In 2017 we expect public authorities and individuals acting as public servants to be truthful and act with candour. Unfortunately, repeated examples have shown us that this is not generally the case.

“Instead of acting in the public interest by telling the truth, public authorities have tended to according to narrow organisational and individual motives by trying to cover up faults and deny responsibility …”

Backing for the Bill came yesterday from a 117-page report on the Hillsborough disaster by Bishop James Jones. The government commissioned him to produce a report on the experiences of the Hillsborough families so that their “perspective is not lost”.

Jones’ impressive report refers to institutions that “closed ranks, refused to disclose information, used public money to defend its interests and acted in a way that was both intimidating and oppressive”

His report refers to public bodies in general when it points to a “cultural condition” and “mindset” that features an “instinctive prioritisation of the reputation of an organisation over the citizen’s right to expect people to be held to account for their actions”. This, says the report, “represents a barrier to real accountability”.

It adds,

“As a cultural condition, this mindset is not automatically changed, still less dislodged, by changes in policies or processes. What is needed is a change in attitude, culture, heart and mind.”

The report urges leaders of “all public bodies” to make a commitment to cultural change by publicly signing a new charter.

The charter commits public bodies to:

Place the public interest above its own reputation.

Approach forms of scrutiny with candour, in an open, honest and transparent way, making full disclosure of relevant documents, material and facts.

Learn from the findings of external scrutiny and from past mistakes.

Avoid seeking to defend the indefensible or to dismiss or disparage those who may have suffered where the organisation has fallen short.

When falling short, apologise straightforwardly and genuinely.

Not knowingly mislead the public or the media.

The report says that institutional defensiveness and a culture of denial are “endemic amongst public institutions as has been demonstrated not only by the Hillsborough cover up but countless other examples.”

Stuart Hamilton, son of Roy Hamilton who died at Hillsborough, is quoted in the report as saying,

“Police, officials and civil servants should have a duty of revealing the full facts and not merely selecting some truths to reveal but not others. Not lying or not misleading is simply not good enough. Without this, future disasters cannot be averted and appropriate policies and procedures cannot be developed to protect society.

“Such selective revealing of information also results in the delay of justice to the point where it cannot be served”.

He added,

“I believe that without a change not only in the law but also in the mindset of the public authorities (which a law can encourage) then very little exists to stop the post-event actions happening again.”

IT-enabled projects

Whitehall departments and the Infrastructure and Projects Authority publish their own narratives on the progress on major IT-enabled projects and programmes such as Universal Credit and smart meters.

But their source reports aren’t published.

Early disclosure of failings could have prevented hundreds of millions of pounds being lost on FireControl project, BBC’s Digital Media Initiative, the Home Office Raytheon e-borders and C-Nomis national offender management information projects and the Rural Payments Agency’s CAP delivery programme (which, alone, contributed to EU penalties of about £600m).

Comment:

Yesterday’s beautifully-crafted report into the Hillsborough disaster – entitled “The patronising disposition of unaccountable power” – is published on the Gov.uk website.

It has nothing to do with IT-enabled projects and programmes. But, in an unintentional way, it sums up a public sector culture that has afflicted nearly every Whitehall IT-based project failure in the last 25 years.

A culture of denial is not merely prevalent today; it is pervasive. All Whitehall departments keep quiet about reports on their failings. It is “normal” for departments to issue misleadingly positive statements to the media about progress on their programmes.

The statements are not lies. They deploy facts selectively, in a way that covers up failings. That’s the Whitehall culture. That’s what departments are expected to do.

According to Bishop Jones’ Hillsborough report, one senior policeman told bereaved families that he was not obliged to reveal the contents of his reports. He could bury them in his garden if he wished.

It’s the same with government departments. There is no legal duty to keep programme reports, still less any requirement to publish them.

If Bishop Jones’ charter is signed by leaders of public authorities including government departments, and Andy Burnham’s Bill becomes law, the requirement for candour and transparency could mean that IT programme progress reports are made available routinely.

If this happened – a big if – senior public officials would have to think twice before risking billions of pounds on a scheme that held out the prospect of being fun to work on but which they knew had little chance of success within the proposed timescales, scope and budget.

It’s largely because of in-built secrecy that the impossibly impractical NPfIT was allowed to get underway. Billions of pounds was wasted.

Some may say that the last thing ministers and their permanent secretaries will want is the public, media and MPs being able to scrutinise what is really happening on, say, a new customs IT project to handle imports and exports after Brexit.

But the anger over the poor behaviour of public authorities after Hillsborough means that the Bill has an outside chance of eventually becoming law. Meanwhile public sector leaders could seriously consider signing Jones’ charter.

John Stuart Mill wrote in 1859 (On Liberty and The Subjection of Women) that the “only stimulus which can keep the ability of the [public] body itself up to a high standard is liability to the watchful criticism of equal ability outside the body”.

The contrast between what Google looks for when hiring staff and what Whitehall looks for when making some of its top appointments, could give clues as to why many government IT-based projects and programmes fail.

First, the strengths Google looks for. These were set out yesterday on BBC R4 by Laszlo Bock, human resources chief at Google for 10 years.

Google was named “Best Company to Work For” more than 30 times around the world and received over 100 awards as a top employer during Bock’s time.

In 2010, he was named “Human Resources Executive of the Year”. Under him, Google changed its clunky, arduous recruitment processes that relied on gimmicks like maths puzzles to those that helped the company grow to about 60,000 employees in less than two decades.

In 2015 he published his first book, The New York Times bestseller Work Rules!, a practical guide to help people find meaning in work and improve the way they live and lead. He resigned from Google in 2016.

On the BBC “Analysis” programme on Monday evening – which looked at intelligence and talent and what they mean, if anything, in job interviews – Bock said the least important attribute Google screens for is whether someone knows about the job they are taking on. Crunching the data on successful hiring led Google instead to look for these characteristics:

Humility

Conscientiousness

A sense of responsibility not to quit until the job is done well

Comfort with ambiguity

A sense of fun

Courage

Why courage?

Bock said,

“It’s about the importance of people being able to raise their voices in organisations. One of the things that happens is, when organisations get large, people stop raising their voices and really bad things happen as a result. That’s where you get whistleblowing, insider trading, all kinds of things.

“Human beings are evolved, biologically, as social, hierarchy-seeking animals. We tend to conform. So courage is important because the really innovative, creative stuff comes from ‘I got this crazy idea’ and the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.

“Without that you can’t do great things.”

Comment

It’s too easy to generalise about the hiring and appointment of senior civil servants. But it’s possible to understand a little about the hiring culture within Whitehall’s biggest department, the Department for Work and Pensions.

An insight into DWP culture and thinking can be gleaned from the many Lever arch folders of documents filed by the DWP as part of an FOI case in which it spent several years fighting to stop the release of documents about the Universal Credit IT programme.

The documents include DWP witness statements on the “harm” that would be caused if the IT documents in question were published.

The judge in the case, Chris Ryan, challenged most of the DWP’s arguments.

In one of his rulings, Judge Ryan described the DWP’s claims as:

alarming and surprising

overstated

unconvincing

close to fanciful

He said that public confidence in the Universal Credit IT programme had been maintained for some time “on a false basis”; and he raised the possibility that an “unhealthily collegiate relationship had developed” between the DWP and private sector IT suppliers. [Campaign4Change will publish a separate blog post on this ruling in the next few days.]

As well as the insight into DWP culture that one can gain from the FOI case, it’s possible to gauge culture and thinking within Whitehall departments from the talented, free-thinking IT individualists who have joined the top layer of the civil service, quit and returned to the private sector.

It would be invidious to pick out some names as there are so many.

What all this suggests is that Whitehall’s culture appreciates conformity and consensus and shuns boat-rocking.

When top IT professionals who joined HMRC and the DWP spoke publicly at conferences about institutional problems that needed to be tackled, mandarins reacted quickly – and such disclosures were never repeated.

And after a leak to the Guardian about the results of a DWP staff survey of morale on the Universal Credit IT programme, the department launched a formal leak inquiry headed by a senior member of the security services.

At the same time, Universal Credit IT programme documents were no longer emailed but transferred around in taxis.

This bout of nervous introspection (the judge described the DWP’s arguments in the FOI case as “defensive”) when taken together with what else we know, indicate that Whitehall’s culture is insular, distrustful and inimical to open challenge and problem-solving (though there are some within the senior Whitehall ranks who successfully defy that culture).

When Bock talks of conformity being a danger within large organisations he would not have had the DWP in mind – but he aptly describes its culture.

When he speaks about the “importance of people being able to raise their voices in organisations” he was probably unaware of the extent to which Whitehall culture abhors raised voices.

As Bock says, when people don’t raise their voices “really bad things happen as a result”. Perhaps the lack of internal challenge was one reason the NHS IT programme – NPfIT – lost billions of pounds, and the DWP’s Universal Credit programme went badly awry for several years.

When Bock says the “really innovative, creative stuff comes from ‘I got this crazy idea’, he could have been describing the culture of the Government Digital Service. But that refreshing GDS culture is being slowly choked by the conservatism of traditional Whitehall departments.

As Bock says, “the bad problems get flagged by people who are willing to raise their hand and say ‘I don’t think this is a good thing to do’.” But bad problems are things senior civil servants avoid talking about, even internally. A Disneyland”good news” culture pervades central departments.

A National Audit Office report on the Universal Credit programme referred to a “fortress mentality” within the DWP.

Maybe the consensus-seeking John Manzoni, head of the civil service, and his colleague Sir Jeremy Heywood, Cabinet Secretary, could seek to employ Bock as an adviser on appointments and recruitment.

Bock’s brief? To turn around the senior civil service’s culture of conformity, groupthink, denial, selective use of “good news” facts and a lack of open challenge.

Recognising the destructiveness within a big organisation of having the wrong culture – as Bock does – could be the start of a genuine Whitehall transformation.

IBM-led Southwest One has had a mostly bad press since it was set up in 2007. But the story has a positive postscript.

Officials at Somerset County Council now understand what has long been obvious to ICT professionals: that the bulk of an organisation’s savings come from changing the way people work – and less from the ICT itself.

Now that Somerset County Council has the job of running its own IT again – its IT-based relationship with Southwest One ended prematurely in December 2016 – the council’s officials have realised that technology is not an end in itself but an “enabler” of headcount reductions and improvements in productivity.

A 2017 paper by the county council’s “Programme Management Office” says the council has begun a “technology and people programme” to “contribute to savings via headcount reduction by improving organisational productivity and process efficiency using technology as the key enabler”.

Outsourcing IT a “bad mistake”

It was in 2007 that Somerset County Council and IBM launched a joint venture, Southwest One. The new company took over the IT staff and some services from the council.

In the nine years since then the council has concluded that outsourcing ICT – thereby separating it from the council’s general operations – was not a good idea.

The same message – that IT is too integral and important to an organisation to be outsourced – has also reached Whitehall’s biggest department, the Department for Work and Pensions.

Yesterday (8 February 2017) Lord Freud, who was the Conservative minister in charge of Universal Credit at the Department for Work and Pensions, told MPs that outsourcing IT across government had proved to be a “bad idea”. He said,

“What I didn’t know, and I don’t think anyone knew, was how bad a mistake it had been for all of government to have sent out their IT…

“You went to these big firms to build your IT. I think that was a most fundamental mistake, right across government and probably across government in the western world …

” We talk about IT as something separate but it isn’t. It is part of your operating system. It’s a tool within a much better system. If you get rid of it, and lose control of it, you don’t know how to build these systems.

” So we had an IT department but it was actually an IT commissioning department. It didn’t know how to do the IT.

“What we actually discovered through the (Universal Credit) process was that you had to bring the IT back on board. The department has been rebuilding itself in order to do that. That is a massive job.”

Task facing Somerset officials

Somerset County Council says in its paper that the council now suffers from what it describes as:

Duplicated effort

Inefficient business processes

A reliance on traditional ways of working (paper-based and meeting-focused).

Technology that is not sufficient to meet business needs

Inadequate data extraction that does not support evidence based decision making.

“Significant under-investment in IT”.

To help tackle these problems the council says it needs a shift in culture. This would enable the workforce to change the way it works.

From January 2017 to 2021, the council plans “organisation and people-led transformational change focused on opportunities arising from targeted systems review outcomes”.

The council’s officers hope this will lead to

Less unproductive time in travelling and attending some statutory duties such as court proceedings.

Fewer meetings.

Reduced management time because of fewer people to manage e.g. supervision, appraisal, performance and sickness.

Reduced infrastructure spend because fewer people will mean cuts in building and office costs, and IT equipment. Also less training would be required.

Reduction in business support process and roles.

Reduction in hard copy file storage and retention.

The council has discovered that it could, for instance, with changes in working practices supported by the right technology, conduct the same number of social services assessments with fewer front- line social workers or increase the level of assessments with the same number of staff.

Southwest One continues to provide outsourced services to Avon and Somerset Police. The contract expires next year.

Comment

Somerset County Council is taking a bold, almost private sector approach to IT.

Its paper on “technology and people” says in essence that the council cannot save much money by IT change alone.

Genuine savings are to be found in changing ways of working and thus reducing headcount. This will require very close working – and agreement – between IT and the business end-users within the council.

It is an innovative approach for a council.

The downside is that there are major financial risks, such as a big upfront spend with Microsoft that may or may not more than pay for itself.

Does outsourcing IT ever make sense?

Somerset County Council is not an international organisation like BP where outsourcing and standardising IT across many countries can make sense.

The wider implication of Somerset’s experience – and the experience of the Department for Work and Pensions – is that outsourcing IT in the public sector is rarely a good idea.

Thank you to Dave Orr, who worked for Somerset County Council as an IT analyst and who has, since the Southwest One contract was signed in 2007, campaigned for more openness over the implications of the deal.

He has been more effective than any Somerset councillor in holding to account the county council, Taunton Deane Borough Council and Avon and Somerset Police, over the Southwest One deal. He alerted Campaign4Change to Somerset’s “Technology and People Programme” Somerset paper.

One of Orr’s recent discoveries is that the council’s IT assets at the start of the Southwest One contract were worth about £8m and at hand-back in December 2016 were worth just £0.32m, despite various technology refreshes.

“People burst into tears, so relieved were they that they could tell someone what was happening.”

The Institute for Government has today published one of the most incisive – and revelatory – reports ever produced on a big government IT project.

It concludes that the Universal Credit IT programme may now be in recovery after a disastrous start, but recovery does not mean recovered. Much could yet floor the programme, which is due to be complete in 2022.

The Institute’s main report is written by Nick Timmins, a former Financial Times journalist, who has written many articles on failed publicly-funded IT-based projects.

His invaluable report, “Universal Credit – from disaster to recovery?” – includes interviews with David Pitchford, a key figure in the Universal Credit programme, and Howard Shiplee who led the Universal Credit project.

Timmins also spoke to insiders, including DWP directors, who are not named, and the former secretary of state at the Department for Work and Pensions Iain Duncan Smith and the DWP’s welfare reform minster Lord Freud.

Separately the Institute has published a shorter report “Learning the lessons from Universal Credit” which picks out from Timmins’ findings five “critical” lessons for future government projects. This report, too, is clear and jargon-free.

Much of the information on the Universal Credit IT programme in the Timmins report is new. It gives insights, for instance, into the positions of Universal Credit’s major suppliers HP, IBM, Accenture.

It also unearths what can be seen, in retrospect, to be a series of self-destructive decisions and manoeuvres by the Department for Work and Pensions.

But the main lessons in the report – such as an institutional and political inability to face up to or hear bad news – are not new, which raises the question of whether any of the lessons will be heeded by future government leaders – ministers and civil servants – given that Whitehall departments have been making the same mistakes, or similar ones, for decades?

DWP culture of suppressing any bad news continues

Indeed, even as the reports lament a lack of honesty over discussing or even mentioning problems – a “culture of denial” – Lord Freud, the minister in charge of welfare reform, is endorsing FOI refusals to publish the latest risk registers, project assessment reviews and other Universal Credit reports kept by the Department for Work and Pensions.

More than once Timmins expresses his surprise at the lack of information about the programme that is in the public domain. In the “acknowledgements” section at the back of his report Timmins says,

“Drafts of this study were read at various stages by many of the interviewees, and there remained disputes not just about interpretation but also, from some of them, about facts.

“Some of that might be resolvable by access to the huge welter of documents around Universal Credit that are not in the public domain. But that, by definition, is not possible at this stage.”

Churn of project leaders continues

Timmins and the Institute warn about the “churn” of project leaders, and the need for stable top jobs.

But even as the Institute’s reports were being finalised HMRC was losing its much respected chief digital officer Mark Dearnley, who has been in charge of what is arguably the department’s riskiest-ever IT-related programme, to transfer of legacy systems to multiple suppliers as part of the dismantling of the £8bn “Aspire” outourcing venture with Capgemini.

Single biggest cause of Universal Credit’s bad start?

Insiders told Timmins that the fraught start of Universal Credit might have been avoided if Terry Moran had been left as a “star” senior responsible owner of the programme. But Moran was given two jobs and ended up having a breakdown.

In January 2011, as the design and build on Universal Credit started, Terry Moran was given the job of senior responsible owner of the project but a few months later the DWP’s permanent secretary Robert Devereux took the “odd” decision to make Moran chief operating officer for the entire department as well. One director within the DWP told Timmins:

“Terry was a star. A real ‘can do’ civil servant. But he couldn’t say no to the twin posts. And the job was overwhelming.”

The director claimed that Iain Duncan Smith told Moran – a point denied by IDS – that if Universal Credit were to fail that would be a personal humiliation and one he was not prepared to contemplate. “That was very different from the usual ministerial joke that ‘failure is not an option’. The underlying message was that ‘I don’t want bad news’, almost in words of one syllable. And this was in a department whose default mode is not to bring bad news to the top. ‘We will handle ministers’ is the way the department operates…”

According to an insider, “Terry Moran being given the two jobs was against Iain’s instructions. Iain repeatedly asked Robert [Devereux] not to do this and Robert repeatedly gave him assurances that this would be okay” – an account IDS confirms. In September 2012, Moran was to have a breakdown that led to early retirement in March 2013. He recorded later for the mental health charity Time to Talk that “eventually, I took on more and more until the weight of my responsibilities and my ability to discharge them just grew too much for me”.

Timmins was told, “You cannot have someone running the biggest operational part of government [paying out £160bn of benefits a year] and devising Universal Credit. That was simply unsustainable,”

Timmins says in his report, “There remains a view among some former and current DWP civil servants that had that not happened (Moran being given two jobs), the programme would not have hit the trouble it did. ‘Had he been left solely with responsibility for UC [Universal Credit], I and others believe he could have delivered it, notwithstanding the huge challenges of the task,’ one says.”

Reviews of Universal IT “failed”

Timmins makes the point that reviews of Universal Credit by the Major Projects Authority failed to convey in clear enough language that the Universal Credit programme was in deep trouble.

“The [Major Projects Authority] report highlighted a lack of sufficient substantive action on the points raised in the March study. It raised ‘high’ levels of concern about much of the programme – ‘high’ being a lower level of concern than ‘critical’. But according to those who have seen the report, it did not yet say in words of one syllable that the programme was in deep trouble.”

Iain Duncan Smith told Timmins that the the Major Projects review process “failed me” by not warning early enough of fundamental problems. It was the ‘red team’ report that did that, he says, and its contents made grim reading when it landed at the end of July in 2012.

Train crash on the way

The MPA [Cabinet Office’s Major Projects Authority] reviewed the programme in March 2011. “MPA reports are not in the public domain. But it is clear that the first of these flagged up a string of issues that needed to be tackled …

” In June a member of the team developing the new government’s pan-government website – gov.uk – was invited up to Warrington [base for the Universal Credit IT team] to give a presentation on how it was using an agile approach to do that.

“At the end of the presentation, according to one insider, a small number from the audience stayed behind, eyeing each other warily, but all wanting to talk. Most of them were freelancers working for the suppliers. ‘Their message,’ the insider says, ‘was that this was a train crash on the way’ – a message that was duly reported back to the Cabinet Office, but not, apparently, to the DWP and IDS.”

Scared to tell the truth

On another occasion when the Major Projects Authority visited the IT team at Warrington for the purposes of its review, the review team members decided that “to get to the truth they had to make people not scared to tell the truth”. So the MPA “did a lot of one-on-one interviews, assuring people that what they said would not be attributable. And under nearly every stone was chaos.

“People burst into tears, so relieved were they that they could tell someone what was happening.

” There was one young lad from one of the suppliers who said: ‘Just don’t put this thing [Universal Credit] online. I am a public servant at heart. It is a complete security disaster.’

IBM, Accenture and HP

“Among those starting to be worried were the major suppliers – Accenture, HP and IBM. They started writing formal letters to the department.

‘Our message,’ according to one supplier, ‘was: ‘Look, this isn’t working. We’ll go on taking your money. But it isn’t going to work’.’ Stephen Brien [then expert adviser to IDS] says of those letters: ‘I don’t think Iain saw them at that time, and I certainly didn’t see them at the time.”

At one point “serious consideration was given to suing the suppliers but they had written their warning letters and it rapidly became clear that that was not an option”.

Howard Shiplee, former head of the project, told Timmins that he had asked himself ‘how it could be that a very large group of clever people drawn from the DWP IT department with deep experience of the development and operation of their own massive IT systems and leading industry IT suppliers had combined to get the entire process so very wrong? Equally, ‘how could another group of clever people [the GDS team] pass such damning judgement on this earlier work and at the stroke of a pen seek to write off millions of pounds of taxpayers’ money?’

Shiplee commissioned a review from PwC on the work carried out to date and discovered that the major suppliers “were genuinely concerned to have their work done properly, support DWP and recover their reputations”.

In addition, when funding had been blocked at the end of 2012, the suppliers “had not simply downed tools but had carried on development work for almost three months” as they ran down the large teams that had been working on it.

“As a result, they had completed the development for single claimants that was being used in the pathfinder and made considerable progress on claims for couples and families. And their work, the PwC evaluation said, was of good quality.”

On time?

When alarm bells finally started ringing around Whitehall that Universal Credit was in trouble, IDS found himself under siege. Stephen Brien says IDS was having to battle with the Treasury to keep the funding going for the project. He had to demonstrate that the programme was on time and on budget.

‘The department wanted to support him in that, and didn’t tell him all the things that were going wrong. I found out about some of them, but I didn’t push as hard as I should have. And looking back, the MPA [Major Projects Authority] meetings and the MPA reports were all handled with a siege mentality. We all felt we had to stand shoulder to shoulder defending where we were and not really using them to ask: ‘Are we where we should be?’

‘As a result we were not helping ourselves, and we certainly were not helping others, including the MPA. But we did get to the stage between the end of 2011 and the spring of 2012 where we said: ‘Okay, let’s get a red team in with the time and space to do our own challenge.’”

The DWP’s “caste” system

A new IT team was created in Victoria Street, London – away from Warrington but outside the DWP’s Caxton Street headquarters. It started to take a genuinely agile approach to the new system. One of those involved told Timmins:

“It had all been hampered by this caste system in the department where there is a policy elite, then the operational people, and then the technical people below that.

“And you would say to the operational people: ‘Why have you not been screaming that this will never work?’ And they’d say: ‘Well, we’re being handed this piece of sh** and we are just going to have to make it work with workarounds, to deal with the fact that we don’t want people to starve. So we will have to work out our own processes, which the policy people will never see, and we will find a way to make it work.’

Twin-track approach

IBM, HP and Accenture built what’s now known as the “live” system which enabled Universal Credit to get underway, and claims to be made in jobcentres.

It uses, in part, the traditional “waterfall” approach and has cost hundreds of millions of pounds. In contrast there’s a separate in-house “digital” system that has cost less than £10m and is an “agile” project.

A key issue, Shiplee told Timmins, was that the new digital team “would not even discuss the preceding work done by the DWP and its IT suppliers”. The digital team had, he says, “a messiah-like approach that they were going to rebuild everything from scratch”.

Rather than write everything off, Shiplee wanted ideally to marry the “front-end” apps that the GDS/DWP team in Victoria Street was developing with the work already done. But “entrenched attitudes” made that impossible. The only sensible solution, he decided, was a “twin-track” approach.

“The Cabinet Office remained adamant that the DWP should simply switch to the new digital version – which it had now become clear, by late summer, would take far longer to build than they anticipated – telling the DWP that the problem was that using the original software would mean ‘creating a temporary service, and temporary will become permanent’.

“All of which led to the next big decision, which, to date, has been one of the defining ones. In November 2013, a mighty and fraught meeting of ministers and officials was convened. Pretty much everyone was there. The DWP ministers, Francis Maude (Cabinet Office minister), Oliver Letwin who was Cameron’s policy overlord, Sir Jeremy Heywood, the Cabinet Secretary, Sir Bob Kerslake, the head of the home civil service, plus a clutch of DWP officials including Robert Devereux and Howard Shiplee as the senior responsible owner along with Danny Alexander and Treasury representatives.

“The decision was whether to give up on the original build, or run a twin-track approach: in other words, to extend the use of the original build that was by now being used in just over a dozen offices – what became dubbed the ‘live’ service – before the new, and hopefully much more effective, digital approach was finished and on stream.

“It was a tough and far from pleasant meeting that is etched in the memories of those who were there…

“One of those present who favoured the twin-track approach says: There were voices for writing the whole of the original off. But that would have been too much for Robert Devereux [the DWP’s Permanent Secretary] and IDS.

” So the twin-track approach was settled on – writing a lot of the original IT down rather than simply writing it off. That, in fact, has had some advantages even if technically it was probably the wrong decision…

“It has, however, seen parts of the culture change that Universal Credit involves being rolled out into DWP offices as more have adopted Universal Credit, even if the IT still requires big workarounds.

“More and more offices, for example, have been using the new claimant commitment, which is itself an important part of Universal Credit. So it has been possible to train thousands of staff in that, and get more and more claimants used to it, while also providing feedback for the new build.”

Francis Maude was among those who objected to the twin-track approach, according to leaked minutes of the project oversight board at around this time.

Lord Freud told Timmins,

‘Francis was adamant that we should not go with the live system [that is, the original build]. He wanted to kill it. But we, the DWP, did not believe that the digital system would be ready on anything like the timescales they were talking about then …But I knew that if you killed the live system, you killed Universal Credit…”

In the end the twin-track approach was agreed by a majority. But the development of the ‘agile’ digital service was immediately hampered by a spat over how quickly staff from the GDS were to be withdrawn from the project.

Fury over National Audit Office report

In 2013 the National Audit Office published a report Universal Credit – early progress– that, for the first time, brought details of the problems on the Universal Credit programme into the public domain. Timmins’ report says that IDS and Lord Freud were furious.

“IDS and, to an only slightly lesser extent, Lord Freud were furious about the NAO report; and thus highly defensive.”

IDS tried to present the findings of the National Audit Office as purely historical.

In November 2014, the NAO reported again on Universal Credit. It once more disclosed something that ministers had not announced – that the timetable had again been put back two years (which raises further questions about why Lord Freud continues to refuse FOI requests that would put into the public domain – and inform MPs – about project problems, risks and delays without waiting for an NAO report to be published)..

Danny Alexander “cut through” bureaucracy

During one period, the Treasury approval of cash became particularly acute. Lord Freud told Timmins:

“We faced double approvals. We had approval about any contract variation from the Cabinet Office and then approvals for the money separately from the Treasury.

“The Government Digital Service got impatient because they wanted to make sure that the department had the ability to build internally rather than going out to Accenture and IBM, who (sic) they hate.

“The approvals were ricocheting between the Cabinet Office and the Treasury and when we were trying to do rapid iteration. That was producing huge delays, which were undermining everything. So in the end Danny Alexander [Lib-dem MP who was chief secretary to the Treasury] said: ‘I will clear this on my own authority.’ And that was crucial. Danny cut through all of that.”

Optimism bias

So-called optimism bias – over-optimism – is “such a common cause of failure in both public and private projects that it seems quite remarkable that it needs restating. But it does – endlessly”.

Timmins says the original Universal Credit white paper – written long before the start of the programme – stated that it would involve “an IT development of moderate scale, which the Department for Work and Pensions and its suppliers are confident of handling within budget and timescale”.

“One of the greatest adages I have been taught and have learnt over the years in terms of major projects is that hope is not a management tool. Hoping it is all going to come out all right doesn’t cut it with something of this magnitude.

“The importance of having a genuine diagnostic machine that creates recommendations that are mandatory just can’t be overstated. It just changes the whole outcome completely. As opposed to obfuscation and optimism bias being the basis of the reporting framework. It goes to a genuine understanding and knowledge of what is going on and what is going wrong.”

Sir Bob Kerslake, who also identified the ‘good news culture’ of the DWP as being a problem, told Timmins,

“All organisations should have that ability to be very tough about what is and isn’t working. The people at the top have rose-tinted specs. They always do. It goes with the territory.

And unless you are prepared to embrace people saying that ‘really, this is in a bad place’… I can think of points where I have done big projects where it was incredibly important that we delivered the unwelcome news of where we were on that project. But it saved me, and saved my career.”

Recovery?

Timmins makes good arguments for his claim that the Universal Credit programme may be in recovery – but not recovered – and that improvements have been made in governance to allow for decisions to be properly questioned.

But there is no evidence the DWP’s “good news” culture has changed. For instance the DWP says that more than 300,000 people are claiming Universal Credit but the figure has not been audited and it’s unclear whether claimants who have come off the benefit and returned to it – perhaps several times – are being double counted.

Timmins points out the many uncertainties that cloud the future of the Universal Credit programme – how well the IT will work, whether policy changes will hit the programme, whether enough staff will remain in jobcentres, and whether the DWP will have good relations with local authorities that are key to the delivery of Universal Credit but are under their own stresses and strains with resourcing.

There are also concerns about what changes the Scots and Northern Irish may want under their devolved powers, and the risk that any ‘economic shock’ post the referendum pushes up the volume of claimants with which the DWP has to deal.

Could Universal Credit fail for non-IT reasons?

Timmins says,

“In seeking to drive people to higher earnings and more independence from the benefits system, there will be more intrusion into and control over the lives of people who are in work than under the current benefits system. And there are those who believe that such an approach – sanctioning people who are already working – will prove to be political dynamite.”

The dire consequences of IT-related failure

It is also worth noting that Universal Credit raises the stakes for the DWP in terms of its payment performance, says Timmins.

“If a tax credit or a Jobseeker’s Allowance payment or any of the others in the group of six go awry, claimants are rarely left penniless in the sense that other payments – for example, Housing Benefit in the case of Jobseeker’s Allowance or tax credits, – continue.

“If a Universal Credit payment fails, then all the support from the state, other than Child Benefit or disability benefits not included within Universal Credit, disappears.”

This happened recently in Scotland when an IT failure left hundreds of families penniless. The DWP’s public response was to describe the failure in Scotland as “small-scale”.

Comment

What a report.

It is easy to see how much work has gone into it. Timmins has coupled his own knowledge of IT-related failure with a thorough investigation into what has gone wrong and what lessons can be learned.

That said it may make no difference. The Institute in its “lessons” report uses phrases such as “government needs to make sure…”. But governments change and new administrations have an abundance – usually a superfluity – of confidence and ambition. They regard learning lessons from the past as putting on brakes or “nay saying”. You have to get with the programme, or quit.

Lessons are always the same

There will always be top-level changes within the DWP. Austerity will always be a factor. The culture of denial of bad news, over-optimism about what can be achieved by when and how easily it can be achieved, over-expectations of internal capability, over-expectation of what suppliers can deliver, embarking on a huge project without clearly or fully understanding what it will involve, not listening diligently to potential users and ridiculously short timescales are all well-known lessons.

So why do new governments keep repeating them?

When Universal Credit’s successor is started in say 2032, the same mistakes will probably be repeated and the Institute for Government, or its successor, will write another similar report on the lessons to be learned.

When Campaign4Change commented in 2013 that Universal Credit would probably not be delivered before 2020 at the earliest, it was an isolated voice. At the time, the DWP press office – and its ministers – were saying the project was on budget and “on time”.

NPfIT

The National Audit Office has highlighted similar lessons to those in the Timmins report, for example in NAO reports on the NPfIT – the NHS IT programme that was the world’s largest non-military IT scheme until it was dismantled in 2011. It was one of the world’s biggest IT disasters – and none of its lessons was learned on the Universal Credit programme.

The NPfIT had an anti-bad news culture. It did not talk enough to end users. It had ludicrous deadlines and ambitions. The politicians in charge kept changing, as did some of programme leaders. There was little if any effective internal or external challenge. By the time it was dismantled the NPfIT had lost billions.

What the Institute for Government could ask now is, with the emasculation of the Government Digital Service and the absence of a powerful Francis Maude figure, what will stop government departments including the DWP making exactly the mistakes the IfG identifies on big future IT-enabled programmes?

In future somebody needs the power to say that unless there is adequate internal and external challenge this programme must STOP – even if this means contradicting a secretary of state or a permanent secretary who have too much personal and emotional equity in the project to allow it to stop. That “somebody” used to be Francis Maude. Now he has no effective replacement.

Victims

It’s also worth noting in the Timmins report that everyone seems to be a victim, including the ministers. But who are perpetrators? Timmins tries to identify them. IDS does not come out the report smelling of roses. His passion for success proved a good and bad thing.

Whether the direction was forwards or backwards IDS was the fuel that kept Universal Credit going. On the other hand his passion made it impossible for civil servants to give him bad news – though Timmins raises questions about whether officials would have imparted bad news to any secretary of state, given the DWP’s culture.

Neither does the DWP’s permanent secretary Robert Devereux emerge particularly well from the report.

How it is possible for things to go so badly wrong with there being nobody to blame? The irony is that the only people to have suffered are the genuine innocents – the middle and senior managers who have most contributed to Universal Credit apparent recovery – people like Terry Moran.

Perhaps the Timmins report should be required reading among all involved in future major projects. Competence cannot be made mandatory. An understanding of the common mistakes can.

Thank you to FOI campaigner Dave Orr for alerting me to the Institute’s Universal Credit reports.

Thanks also to IT projects professional John Slater – @AmateurFOI – who has kept me informed of his FOI requests for Universal Credit IT reports that the DWP habitually refuse.

Update 18.00 6 September 2016

In a tweet today John Slater ( @AmateurFOI ) makes the important point that he asked the DWP and MPA whether either had held a “lessons learned” exercise in the light of the “reset” of the Universal Credit IT programme. The answer was no.

This perhaps reinforces the impression that the DWP is irredeemably complacent, which is not a good position from which to lead major IT projects in future.

Written evidence the Department for Work and Pensions submitted to an FOI tribunal – but did not want published (ever) – reveals that there was an internal “lack of candour and honesty throughout the [Universal Credit IT] Programme and publicly”.

It’s the first authoritative confirmation by the DWP that it has not always been open and honest when dealing with the media on the state of the Universal Credit IT programme.

FOI tribunal grants request to publish DWP’s written submission

According to the DWP submission, senior officials on the Programme became so concerned about leaks that a former member of the security services was brought in to lead an investigation. DWP staff and managers were the subjects of “detailed interviews”. Employee emails were “reviewed”, as were employee access rights to shared electronic areas.

Staff became “paranoid” about accidentally leaving information on a printer. Some of the high-security measures appear still to be in place.

Unpublished until now, the DWP’s written legal submission referred, in part, to the effects on employees of leak investigations.

The Government Legal Service argued that the DWP’s written evidence was for the purposes of the tribunal only. It should not be published or passed to an MP.

The Legal Service went further: it questioned the right of an FOI Tribunal to decide on whether the submission could be published. Even so a judge has ruled that the DWP’s written evidence to the tribunal can be published.

The DWP’s submission gives a unique glimpse into day-to-day life and corporate sensitivities at or near the top of the Universal credit IT programme.

It reveals the lengths to which senior officials were willing to go to stop any authoritative “bad news” on the Universal Credit IT programme leaking out. Media speculation DWP’s senior officials do not seem to mind. What appears to concern them is the disclosure of any credible internal information on how things are progressing on Universal Credit IT.

Confidential

Despite multiple requests from IT suppliers, former government CIOs and MPs, for Whitehall to publish its progress reports on big IT-based change programmes (some examples below), all central departments keep them confidential.

That sensitivity has little to do with protecting personal data.

It’s likely that reviews of projects are kept confidential largely because they could otherwise expose incompetence, mistakes, poor decisions, risks that are likely to materialise, large sums that have been wasted or, worst of all, a project that should have been cancelled long ago and possibly re-started, but which has been kept going in its original form because nobody wanted to own up to failure.

On this last point, former government CIO and permanent secretary Ian Watmore spoke to MPs in 2009 about how to fix government IT. He said,

“An innovative organisation tries a lot of things and sometimes things do not work. I think one of the valid criticisms in the past has been when things have not worked, government has carried on trying to make them work well beyond the point at which they should have been stopped.”

Individual accountability for failure?

Oblivious to MPs’ requests to publish IT progress reports, the DWP routinely refuses FOI requests to publish IT progress reports, even when they are several years old, even though by then officials and ministers involved will probably have moved on. Individual accountability for failure therefore continues to be non-existent.

Knowing this, MPs on two House of Commons select committees, Public Accounts and Work and Pensions, have called for the publication of reports such as “Gateway” reviews.

This campaign for more openness on government IT projects has lasted nearly three decades. And still Whitehall never publishes any contemporaneous progress reports on big IT programmes.

It took an FOI campaigner and IT projects professional John Slater [@AmateurFOI] three years of legal proceedings to persuade the DWP to release some old reports on the Universal Credit IT programme (a risk register, milestone schedule and issues log). And he had the support of the Information Commissioner’s legal team.

Yet we now know, thanks to the DWP’s submission, the lengths to which officials will go to stop such documents leaking out.

Understandable?

Some at the DWP are likely to see the submission as explaining some of understandable measures any government department would take to protect sensitive information on its largest project, Universal Credit. The DWP is the government largest department. It runs some of the world’s biggest IT systems. It possesses personal information on nearly everyone in Britain. It has to make the protection of its information a top priority.

Others will see the submission as proof that the DWP will do all it can to honour a decades-old Whitehall habit of keeping bad news to itself.

IT-based change schemes are about solving problems. An introspective “good news only” culture may help to explain why the DWP has a poor record of managing big and successful IT-based projects and programmes. The last time officials attempted a major modernisation of benefit systems in the 1990s – called Operational Strategy – the costs rose from £713m to £2.6bn and the intended objective of joining up the IT as part of a “whole person” concept, did not happen.

Programme papers“watermarked”

The DWP’s power, mandate and funding come courtesy of the public. So do officials, in return, have the right to keep hidden mistakes and flawed IT strategies that may lead to a poor use – or wastage – of hundreds of millions of pounds, or billions?

The DWP’s submission reveals that recommendations from its assurance reports (low-level reports on the state of the IT programme including risks and problems) were not circulated and a register was kept of who had received them.

Concern over leaks

The submission said that surveys on staff morale ceased after concerns about leaks. IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”. For added security, Universal Credit programme papers were watermarked.

When a former member of the security services was brought in to conduct a leaks investigation, staff and mangers were invited by the DWP’s most senior civil servant to “speak to the independent investigator if they had any information”. This suggests that staff were expected to inform on any suspect colleagues.

People “stopped sharing comments which could be interpreted as criticism of the [Universal Credit IT] Programme,” said the submission. “People became suspicious of their colleagues – even those they worked closely with.

“There was a lack of trust and people were very careful about being honest with their colleagues…

“People felt they could no longer share things with colleagues that might have an honest assessment of difficulties or any negative criticism – many staff believed the official line was, ‘everything is fine’.

“People, even now, struggle to trust colleagues with sensitive information and are still fearful that anything that is sent out via email will be misused.

“For all governance meetings, all documents are sent out as password protected, with official security markings included, whether or not they contain sensitive information.”

“Defensive”

Lines to take with the media were added to a “Rolling Brief”, an internal update document, that was circulated to senior leaders of the Universal Credit IT programme, the DWP press office and special advisors.

These “lines to take” were a “defensive approach to media requests”. They emphasised the “positive in terms of progress with the Programme without acknowledging the issues identified in the leaked stories”.

This positive approach to briefing and media management “led to a lack of candour and honesty through the Programme and publically …”

It appears not. The so-called leaks revealed imperfections in the running of the Universal Credit programme; but there was no personal information involved. Officials were concerned about the perceived leak of a Starting Gate Review to the Telegraph (although the DWP had officially lodged the review with the House of Commons library).

The DWP also mentioned in its statement a leak to the Guardian of the results of an internal “Pulse” survey of staff morale – although it’s unclear why the survey wasn’t published officially given its apparent absence of sensitive commercial, personal, corporate or governmental information.

NPfIT

The greater the openness in external communications, the less likely a natural scepticism of new ways of working will manifest in a distrust of the IT programme as a whole.

The NHS’s National Programme for IT (NPfIT) – then the UK’s biggest IT programme costing about £10bn – was dismantled in 2011 after eight fraught years. One reason it was a disaster was the deep distrust of the NPfIT among clinicians, hospital technologists, IT managers, GPs and nurses. They had listened with growing scepticism to Whitehall’s oft-repeated “good news” announcements.

Ex-Government CIO wanted more openness on IT projects

When MPs have asked the DWP why it does not publish reports on the progress of IT-enabled projects, it has cited “commercial confidentiality”.

But in 2009, Ian Watmore (the former Government CIO) said in answer to a question by Public Account Committee MP Richard Bacon that he’d endorse the publication of Gateway reviews, which are independent assessments of the achievements, inadequacies, risks, progress and challenges on risky IT-based programmes.

“I am with you in that I would prefer Gateway reviews to be published because of the experience we had with capability reviews (published reports on a department’s performance). We had the same debate (as with Gateway reviews) and we published them. It caused furore for a few weeks but then it became a normal part of the furniture,” said Watmore.

Capability reviews are no longer published. The only “regular” reports of Whitehall progress with big IT programmes are the Infrastructure and Projects Authority’s annual reports. But these do not include Gateway reviews or other reports on IT projects and programmes. The DWP and other departments publish only their own interpretations of project reviews.

In the DWP’s latest published summary of progress on the Universal Credit IT programme, dated July 2016, the focus is on good news only.

But this creates a mystery. The Infrastructure and Projects Authority gave the Universal Credit programme an “amber” rating in its annual report which was published this month. But neither the DWP nor the Authority has explained why the programme wasn’t rated amber/green or green.

MPs and even IT suppliers want openness on IT projects

In 2004 HP, the DWP’s main IT supplier, told a Work and Pensions Committee inquiry entitled “Making IT work for DWP customers” in 2004 that “within sensible commercial parameters, transparency should be maintained to the greatest possible extent on highly complex programmes such as those undertaken by the DWP”.

The Work and Pensions Committee spent seven months investigating IT in the DWP and published a 240-page volume of oral and written in July 2004. On the matter of publishing “Gateway” reviews on the progress or otherwise of big IT projects, the Committee concluded,

“We found it refreshing that major IT suppliers should be content for the [Gateway] reviews to be published. We welcome this approach. It struck us as very odd that of all stakeholders, DWP should be the one which clings most enthusiastically to commercial confidentiality to justify non-disclosure of crucial information, even to Parliament.”

The Committee called for Gateway reviews to be published. That was 12 years ago – and it hasn’t happened.

Four years later the Committee found that the 19 most significant DWP IT projects were over-budget or late.

“The Public Accounts Committee has emphasised frequently the need for greater transparency and accountability in departments’ performance in managing their programmes and projects and, in particular, that the result of OGC Gateway Reviews should be published.”

But today, DWP officials seem as preoccupied as ever with concealing bad news on their big IT programmes including Universal Credit.

The costs of concealment

The DWP has had important DWP project successes, notably pension credits, which was listed by the National Audit Office as one of 24 positive case studies.

But the DWP has also wasted tens of millions of pounds on failed IT projects.

Projects with names such as “Camelot” [Computerisation and Mechanisation of Local Office Tasks] and Assist [Analytical Services Statistical Information System) were cancelled with losses of millions of pounds. More recently the DWP has run into problems on several big projects.

“Abysmal”

On 3 November 2014 the then chairman of the Public Accounts Committee Margaret Hodge spoke on Radio 4’s Analysis of the DWP’s ‘abysmal’ management of IT contracts.”

1984

As long ago as 1984, the House of Commons Public Accounts Committee called for the civil service to be more open about its progress on major computer projects.

Today there are questions about whether the Universal Credit IT will succeed. Hundreds of millions has already been spent. Yet, as mentioned earlier, current information on the progress of the DWP’s IT programmes remains a state secret.

It’s possible that progress on the Universal Credit IT programme has been boosted by the irregular (but thorough) scrutiny by the National Audit Office. That said, as soon as NAO reports on Universal Credit are published, ministers and senior officials who have seen copies in advance routinely dismiss any criticisms as retrospective and out-of-date.

Does it matter if the DWP is paranoid about leaks?

A paper published in 2009 looks at how damaging it can be for good government when bureaucracies lack internal challenge and seek to impose on officials a “good news” agenda, where criticism is effectively prohibited.

The paper quoted the then Soviet statesman Mikhail Gorbachev as saying, in a small meeting with leading Soviet intellectuals,

“The restructuring is progressing with great diﬃculty. We have no opposition party. How then can we control ourselves? Only through criticism and self-criticism. Most important: through glasnost.”

Non-democratic regimes fear a free ﬂow of information because it could threaten political survival. In Russia there was consideration of partial media freedom to give incentives to bureaucrats who would otherwise have no challenge, and no reason to serve the state well, or avoid mistakes.

The Chernobyl nuclear disaster, which occurred on April 26, 1986, was not acknowledged by Soviet oﬃcials for two days, and only then after news had spread across the Western media.

The paper argued that a lack of criticism could keep a less democratic government in power. But it can lead to a complacency and incompetence in implementing policy that even a censored media cannot succeed in hiding.

As one observer noted after Chernobyl (Methvin in National Review, Dec. 4, 1987),

“There surely must be days—maybe the morning after Chernobyl—when Gorbachev wishes he could buy a Kremlin equivalent of the Washington Post and ﬁnd out what is going on in his socialist wonderland.”

That move was not known about at the time. Indeed in December 2012 – at a point when the DWP was issuing public statements on the success of the Universal Credit Programme – the scheme was actually in trouble. The DWP’s legal submission said,

“In summary we concluded (just before Christmas 2012) that the IT system that had been developed for the launch of UC [Universal Credit] had significant problems.”

One wonders whether DWP civil servants kept Duncan Smith in the dark because they themselves had not been fully informed about what was going on, or because they thought the minister was best protected from knowing what was going on, deniability being one key Whitehall objective.

But in the absence of reliable internal information a political leader can lose touch completely, said the paper on press freedom.

“On December 21, 1989, after days of local and seemingly limited unrest in the province of Timi¸ Ceausescu called for a grandiose meeting at the central square of Bucharest, apparently to rally the crowds in support of his leadership. In a stunning development, the meeting degenerated into anarchy, and Ceausescu and his wife had to ﬂee the presidential palace, only to be executed by a ﬁring squad two days later.”

Wrong assumptions

Many times, after the IT media has published articles on big government IT-based project failures, TV and radio journalists have asked to what extent the secretary of state was responsible and why he hadn’t acted to stop millions of pounds being wasted.

But why do broadcast journalists assume ministers control their departments? It is usually more likely that ministers know little about the real risks of failure until it is too late to act decisively.

Lord Bach, a minister at DEFRA, told a House of Commons inquiry in 2007 into the failure of the IT-based Single Payment Scheme that he was aware of the risks but still officials told him that systems would work as planned and farmers would receive payments on time. They didn’t. Chaos ensued.

“I do think that, at the end of the day, some of the advice that I received from the RPA [Rural Payments Agency] was over-optimistic.”

Another DEFRA minister at the time Lord Whitty, who was also party in charge of the Single Payment Scheme, told the same inquiry,

“Perhaps I ought also to say that this was the point at which I felt the advice I was getting was most misleading, and I have used the term ‘misleading’ publicly but I would perhaps prefer to rephrase that in the NAO terms …”

Even the impressive Stephen Crabb – who has now quit as DWP secretary of state – didn’t stand much of chance of challenging his officials. The department’s contracts, IT and other affairs, are so complex and complicated – there are bookcases full of rules and regulations on welfare benefits – that any new ministers soon find themselves overwhelmed with information and complexity.

They will soon realise they are wholly dependent on their officials; and it is the officials who decide what to tell the minister about internal mistakes and bad decisions. Civil servants would argue that ministers cannot be told everything or they would be swamped.

But the paper on press freedom said that in order to induce high eﬀort within a bureacucracy, the leader needs “veriﬁable information on the bureaucrats’ performance”.

The paper made a fascinating argument that the more complacent the bureaucracy, the more aggressively it would control information. Some oil-rich countries, said the paper, have less media freedom than those with scarcer resources.

“Consistent with our theory, [some] non-democratic countries … have vast resources and poor growth performance, while the Asian tigers (South Korea, Taiwan, Hong Kong, and Singapore), while predominantly non-democratic in the 1970s and 1980s, have high growth rates and scarce natural resource.”

In an apparent opening up of information, the government in China passed a law along the lines of the U.S. Freedom of Information Act (“China Sets Out to Cut Secrecy, but Laws Leave Big Loopholes,” New York Times, Apr. 25, 2007). But was this law self-serving? It, and the launch of local elections, provided the central government with relatively reliable information on the performance of provincial bosses.

These stories from less democratic countries may be relevant in Britain because politicians here, including secretaries of state, seem to be the last to know when a big IT-based programme is becoming a disaster.

T auditors Arthur D Little, in a forensic analysis of the delays, cost over-runs and problems on the development of a huge air traffic control IT project for National Air Traffic Services, whose parent was then the Civil Aviation Authority, which was part of the Department for Transport, referred to an “unwillingness to face up to and discuss bad news”.

Ministers helpless to force openness on unwilling officials?

Francis Maude came to the Cabinet Office with a reforming zeal and a sophisticated agenda for forcing through more openness, but the effects of his efforts began to evaporate as soon as he left office. Even when he was at the height of his power and influence, he was unable to persuade civil servants to publish Gateway reviews, although he’d said when in opposition that he intended to publish them.

His negotiations ended with central departments agreeing to publish only the “traffic light” status of big projects – but only after a minimum delay of at least six months. In practice the delay is usually a year or more.

Brexit

Brexit campaigners argue that the EC is undemocratic, that decisions are taken in Brussels in secret by unelected bureaucrats. But the EC is at least subject to the scrutiny, sometimes the competing scrutiny, of 29 countries.

Arguably Whitehall’s departments are also run by unelected bureaucrats who are not subject to any effective scrutiny other than inspections from time to time of the National Audit Office.

Yes Minister parodied Sir Humphrey’s firm grip on what the public should and should not be told. Usually his recommendation was that the information should be misleadingly reassuring. This was close enough to reality to be funny. And yet close enough to reality to be serious as well. It revealed a fundamental flaw in democracy.

Nowhere is that flaw more clearly highlighted than in the DWP’s legal submission. Is it any surprise that the DWP did not want the submission published?

If officials had the choice, would they publish any information that they did not control on any of their IT projects and programmes?

That’s where the indispensable work of the National Audit Office comes into the picture – but it alone, even with the help of the Public Accounts Committee, cannot plug the gaping hole in democracy that the DWP’s submission exposes.

These are some thoughts I am left with after reading the legal submission in the light of the DWP’s record on the management of IT-based projects …

Press freedom and the free flow of information cannot be controlled in a liberal democracy. But does Whitehall have its own subtle – and not so subtle – ways and means?

In light of the DWP’s track record, the public and the media are entitled to distrust whatever ministers and officials say publicly about their own performance on IT-related programmes, including Universal Credit.

More worryingly, would the DWP’s hierarchy care a jot if the media and public didn’t believe what the department said publicly about progress on big projects such as Universal Credit?

Is the DWP’s unofficial motto: Better to tell a beautiful lie than an ugly truth?

AL Kennedy mentioned the “botched” Universal Credit programme when she gave a “point of view” on Radio 4 last week. Not referring specifically to Universal Credit she said facts can be massaged but nature can’t be fooled. A girder that won’t hold someone’s weight is likely to fail however many PR-dominated assurance reports have gone before. “Facts are uncompromising and occasionally grim. I wish they weren’t. Avoiding them puts us all at increased risk,” she said.

Avon and Somerset Police has been consistent in its good news statements on the force’s “innovative” outsourcing deal with IBM-owned Southwest One.

These announcements and similar FOI responses have a clear message: that savings from the deal are more than expected.

But the statements have differed in tone and substance from those of Somerset County Council which ended up in a legal action with Southwest One.

Somerset’s losses on its Southwest One deal could leave the casual observer wondering why and how Avon and Somerset Police had made a success of its deal with Southwest One, whereas the county council has had a disastrous experience.

Now the BBC reports that Avon and Somerset will not be renewing its contract with Southwest One when the deal expires in 2018.

Southwest One is 75% owned by IBM and carries out administrative, IT and human resources tasks for the force.

Avon and Somerset Police’s “new” chief constable Andy Marsh – who took up the post in February 2016 – confirmed he has “given notice” that the Southwest On contract will not be renewed.

Andy Marsh, chief constable, Avon and Somerset.

Instead he said he wants to work with neighbouring police and fire services. Marsh said,

“We will be finding a new way of providing those services. It is my intention to collaborate with other forces. I do believe I can save some money and I want to protect frontline numbers.”

Marsh came to Avon and Somerset with a reputation for making value for money a priority.

These are some of the statements made by Avon and Somerset Police on the progress of the Southwest One contract before Marsh joined the force:

“I am delighted with the level of procurement savings Southwest One is delivering for us, particularly as it is our local communities who will benefit most as front-line services are protected. “

“Using Southwest One’s innovative approach, we have been able to exceed our expected savings level.”

“I am looking forward to building on our close working relationship with Southwest One to deliver even greater savings in the future.”

FOI campaigner David Orr says of the police’s decision not to renew its contract with Southwest One,

“This controversial contract with IBM for Southwest One was signed in 2007 with the County Council, the Police and Taunton Deane Borough Council.

“We were promised £180m of cash savings, an iconic building in Taunton at Firepool, as well as new jobs and a boost to the economy. None of that ever materialised. “

Comment

If Avon and Somerset Police is happy with its outsourcing deal with Southwest One, why is it not renewing or extending the contract?

It’s clear the “new” chief constable Andy Marsh believes he can save money by finding a new way of delivering services, including IT. This sounds sensible given that the client organisation will at some point have to contribute to the supplier’s profits, usually in the later years of the contract.

Savings by ending outsourcing

Public authorities, particularly councils, when they announce the end of an outsourcing contract, will often say they plan to make substantial savings by doing something different in future – Somerset County Council and Liverpool Council among them.

Dexter Whitfield of the European Services Strategy Unit which monitors the success or otherwise of major outsourcing deals, is quoted in a House of Commons briefing paper last month entitled “Local government – alternative models of service delivery” as saying,

“Councils have spent £14.2bn on 65 strategic public-private partnership contracts, but there is scant evidence of full costs and savings”.

According to Whitfield, this is due to “the lack of transparent financial audits of contracts, secretive joint council-contractor governance arrangements, poor monitoring, undisclosed procurement costs, a lack of rigorous scrutiny and political fear of admitting failure”.

If it’s so obvious that outsourcing suppliers will eventually try to make up later for any losses in the early stages of a contract – suppliers are not registered charities – why are such deals signed in the first place?

Do officials and councillors not realise that their successors will probably seek to save money by jettisoning the same outsourcing deal?

The problem, perhaps, is that those who preside over the early years of an outsourcing contract are unlikely to be around in the later years. For them, there is no effective accountability.

Hence the enthusiastic public announcements of savings and new investments in IT and other facilities in the early stages of an outsourcing contract.

It’s likely things will go quiet in the later years of the contract when the supplier may be trying to recoup losses incurred in the early years.

Then, suddenly, the public authority will announce it is ending its outsourcing deal. Outsiders are left wondering why.

Good news?

Given Avon and Somerset’s determination to end its relationship with Southwest One, can we trust all the good news statements by the force’s officials in past years?

With facts in any outsourcing deal so hard to come by, even for FOI campaigners, selective statements by public servants or ruling councillors about how successful their deal is, and how many tens of millions of pounds they are saving, are best taken with a pinch of salt.

Especially if the announcements were at an early stage of the contract and things have now gone quiet.

Thank you to David Orr for alerting me to the BBC story and providing links to much of the material that went into this post.

Jeremy Hunt may have forgotten what he told the FT 2013, as reported in the paper on 2 June 2o13.

Referring to the failed National Programme for IT [NPfIT] in the NHS he said at that time,

“It was a huge disaster . . . It was a project that was so huge in its conception but it got more and more specified and over-specified and in the end became impossible to deliver, but we musn’t let that blind us to the opportunities of technology and I think one of my jobs as health secretary is to say, look, we must learn from that and move on but we must not be scared of technology as a result.”

He added, “I’m not signing any big contracts from behind [my] desk; I am encouraging hospitals and clinical commissioning groups and GP practices to make their own investments in technology at the grassroots level.”

Now the Department of Health (and perhaps some large IT suppliers) have encouraged Hunt to find £4bn for spending on technology that is (again) of questionable immediate need.

Says Computing, “A significant part of the paperless NHS plans will involve enabling patients to book services and order prescriptions online, as well as giving them the choice of speaking to their doctor online or via a video link.”

The £4bn, if that’s what it will cost, is much less than the cost of the NPfIT. But are millions to be wasted again?

[NPfIT was originally due to cost £2.3bn over three years from 2003 but is expected to cost £9.8bn over 21 years, to 2024.]

“Improving the standard of care patients receive even further means embracing technology and moving towards a fully digital and paperless NHS.

NHS staff do incredible work every day and we must give them and patients the most up-to-date technology – this review will tell us where we need to go further.”

The NPfIT was supposed to give the NHS up-to-date technology – but is that what’s needed?

A more immediate need is for any new millions of central funding (for the cost would be in the tens of millions, not billions) to be spent on the seemingly mundane objective of getting existing systems to talk to each other, so that patients can be treated in different parts of the NHS and have their electronic records go with them.

This doesn’t need a new national programme for IT. Some technologists working in the NHS say it would cost no more than £150m, a small sum by NHS IT standards, to allow patient data to reside where it is but be accessed by secure links anywhere, much as secure links work on the web.

But the review’s terms of reference make only a passing reference to the need for interoperability.

Instead the review will have terms of reference that are arguably vague – just as the objectives for the NPfIT were.

The Department of Health has asked the review board, when making recommendations, to consider the following points:

The experiences of clinicians and Trust leadership teams in the planning, implementation and adoption of digital systems and standards;

The current capacity and capability of Trusts in understanding and commissioning of health IT systems and workflow/process changes.

The current experiences of a number of Trusts using different systems and at different points in the adoption lifecycle;

The impact and potential of digital systems on clinical workflows and on the relationship between patients and their clinicians and carers.

The head of the review board Professor Wachter will report his recommendations to the secretary of state for health and the National Information Board in June 2016.

Members of the National Advisory Group on health IT in England (the review board) are:

Robert Wachter, MD, (Chair) Professor and Interim Chairman, Department of Medicine,University of California, San Francisco

Julia Adler-Milstein, PhD, Associate Professor, Schools of Information and of Public Health, University of Michigan

David Brailer, MD, PhD, CEO, Health Evolution Partners (current); First U.S. National Coordinator for Health IT (2004-6)

Perhaps egged on by one or two major suppliers in behind-the-scenes lobbying, Hunt has apparently found billions to spend on improving NHS IT.

Nobody doubts that NHS IT needs improving. But nearly all GPs have impressive systems, as do many hospitals. But the systems don’t talk to each other.

The missing word from the review board’s terms of reference is interoperability. True, it’s difficult to achieve. And it’s not politically aggrandizing to find money for making existing systems interoperable.

But at present you can have a blood test at the GP, then a separate blood test at the local hospital and the full results won’t go on your electronic record because the GP and hospital are on different systems with no interoperability between them.

If you’re treated at a specialist hospital for one ailment, and at a different hospital 10 to 20 (or say 100) miles away for something else, it may take weeks for your electronic record to reflect your latest treatment.

Separate NHS sites don’t always know what each other is doing to a patient, unless information is faxed or posted between them.

The fax is still one of the NHS’s main modes of cross-county communication. The DoH wants to be rid of the fax machine but it’s indispensable to the smooth running of the NHS, largely because new and existing systems don’t talk to each other.

The trouble with interoperability – apart from the ugliness of the word – is that it is an unattractive concept to some of the major suppliers, and to DoH executives, because it’s cheap, not leading edge and may involve agreements on data sharing.

Getting agreements on anything is not the DoH’s forte. [Unless it’s an agreement to spend more money on new technology, for the sake of having up-to-date technology.]

Last year I broke my ankle in Sussex and went to stay in the West Midlands at a house with a large ground floor and no need to use stairs. There was no communication between my local GP and the NHS in the West Midlands other than by phone, post or fax, and even then only a summary of healthcare information went on my electronic record.

I had to carry my x-rays on a CD. Then doctors at my local orthopaedic department in Sussex found it difficult to see the PACS images because the hospital’s PCs didn’t have CD players.

A government employee told me this week of a hospital that gave medication to a patient in the hope she would not have an adverse reaction. The hospital did not have access to the patient’s GP records, and the patient was unsure of the name of the medication she’d previously had an allergic reaction to.

Much of the feedback I have had from those who have enjoyed NHS services is that their care and treatment has been impeded by their electronic records not moving with them across different NHS sites.

Mark Leaning, visiting professor, at University College, London, in a paper for health software supplier EMIS, says the NHS is “not doing very well when it comes to delivering a truly connected health system in 2016. That’s bad for patient outcomes.”

That GPs and their local hospital often cannot communicate electronically is a disgrace given the billions various governments have spent on NHS IT. It is on interoperability that any new DoH IT money needs to be spent.

Instead, it seems huge sums will be wasted on the pie-in-the-sky objective of a paperless NHS by 2020. The review board document released today refers to the “ambition of a paper- free health and care system by 2020”.

What’s the point of a paperless NHS if a kaleidoscope of new or existing systems don’t properly communicate?

Congratulations, incidentally, to GP software suppliers TPP and EMIS. They last year announced direct interoperability between their core clinical systems.

Their SystmOne and EMIS Web systems hold the primary care medical records for most of the UK population.

And this month EMIS announced that it has become the first UK clinical systems provider to implement new open standards for interoperability in the NHS.

It says this will enable clinicians using its systems to securely share data with any third party supplier whose systems comply with a published set of open application programme interfaces.

The Department of Health and ministers need to stop announcing things that will never happen such as a paperless NHS and instead focus their attention – and any new IT money – on initiatives that are not subconsciously aimed at either political or commercial gain.

It would be ideal if they, before announcing any new IT initiative, weighed up diligently whether it is any more important, and any more of a priority, than getting existing systems to talk to each other.

Almost unnoticed outside the NHS an email was circulated by health officials last weekend about a national “severity 1” incident involving the Electronic Prescription Service, running on BT’s data Spine .

“The EPS [electronic prescriptions service] database is currently experiencing severe degradation of performance. … BT engineers [are] currently investigating with the database application support team,” said the email.

A severity 1 or 2 incident, which involves a temporary loss of, or disruption to, the Spine or other national NHS system, is not unusual, according to a succession of emails forwarded to Campaign4Change.

The Department of Health defines a severity 1 incident as a failure that has the potential to:

— have a significant adverse impact on the provision of the service to a large number of users; or

— have a significant adverse impact on the delivery of patient care to a large number of patients; or

— cause significant financial loss and/or disruption to NHS Connecting for Health [now the Health and Social Care Information Centre], or the NHS; or

— result in any material loss or corruption of health data, or in the provision of incorrect data to an end user.

The Health and Social Care Information Centre, which manages BT’s Spine and other former NPfIT contracts, reports that the spine availability is 99.9% or 100%. But the HSCIC’s emails tell a story of service outage or disruption that is almost routine.

If the spine and other national services are really available 99.9% of the time, is that good enough for the NHS, especially when ministers and officials are increasingly expecting clinicians and nurses to depend on electronic patient records and electronic prescriptions? In short, are national NHS IT systems up to the job?

NHS staff access the spine tens of millions of times every month, often to trace patients before accessing their electronic records. The spine is pivotal to the use of patient records held on Rio and Cerner Millennium systems in London. It is critical to the operation of Choose and Book, the Summary Care Record, Electronic Prescription Service pharmacy systems, GP2GP, iPM/Lorenzo, and the Personal Demographics Service.

According to a Department of Health letter sent to the Public Accounts Committee, payments to BT for the Spine totalled £1.08bn by March 2013.

“There is a huge amount of industrial-strength robustness, availability, disaster recovery, that you cannot get someplace else,” said a BT executive when he appeared before MPs in May 2011.

Life and death

Sir David Nicholson spoke of the importance of the spine and other national NHS systems at a hearing of the Public Accounts Committee in 2011. He said they were

“providing services that literally mean life and death to patients today … So the Spine, and all those things, provides really, really important services for our patients…”

When Croydon Health Services NHS Trust went live with a Cerner Millennium patient records system at the end of September a “significant network downtime” – of BT’s N3 network – had an effect on patients.

A trust board paper, dated 25 November 2013 says:

“CRS Millennium (Cerner) Deployment -Network downtime – Week 1. In particular, the significant network downtime in week 1 (BT N3 problem) led to no electronic access to Pathology and Radiology which resulted in longer waits for patients in the Emergency Department (ED) leading to a large number of breaches. This was a BT N3 problem which has been rectified with BT …”

Below are some of the emails passed to Campaign4Change in the past four months. Written by the Health and Social Care Information, the emails alert NHS users to outages or disruption to GP or national NHS IT systems.

Some HSCIC messages of disruption to service

October 2013

Severity 2 HSCIC National CQRS has not received a number of participation status messages. Also affecting: GPES USER IMPACT: CQRS Users are not able to manually submit specific information, this will impact the users’ business process for entry of achievement data. ACTION BEING TAKEN: Following a configuration change by the GPES Business Unit a specific code has now been added to the GPET-Q Database. We are currently awaiting confirmation that the addition of the relevant code has been successful. Discussions are taking place regarding the re-submission of status messages. HSCIC conference calls are on-going.

[A severity 2 service failure is a failure [that] has the potential to:

– have a significant adverse impact on the provision of the service to a small or moderate number of service users; or

– have a moderate adverse impact on the delivery of patient care to a significant number of service users; or

– have a significant adverse impact on the delivery of patient care to a small or moderate number of patients; or

– have a moderate adverse impact on the delivery of patient care to a high number of patients; or

– cause a financial loss and/or disruption … which is more than trivial but less severe than the significant financial loss described in the definition of a Severity 1 service failure.]

**

Severity 2 HSCIC BT Spine National Intermittent performance issues on TSPINE. T-Spine RESOLUTION: BT Spine have confirmed that the incident has been resolved and users are able to perform routine business processes without delays.

November 2013

Severity 1 BT Spine HSCIC National Users are unable to log into PDS. USER IMPACT: All sites are currently unable to access PDS, this is causing a delay to normal services. ACTION BEING TAKEN: BT Spine are working to restore service.

**

Severity 2 BT Spine HSCIC National EPS users. Slow performance on reliable and unreliable messages for EPS. USER IMPACT: This is causing delays to routine business processes as some users may be experiencing slow performance with the EPS service. BT investigating.

**

Severity 2 BT Spine HSCIC National Slow performance on EPS Messaging. USER IMPACT: This is causing delays to routine business processes as some users may be experiencing slow performance with the EPS service. ACTION BEING TAKEN: BT moved the database to an alternate node following application server restarts. This temporarily restored normal message response times however performance has started to degrade again. BT Investigation continues.

** Severity 1 Atos HSCIC National Multiple users were unable to log in to the Choose & Book application. ATOS made some network configuration changes overnight 19th/20th November which restored service. After a period of monitoring throughout the day yesterday the service has remained stable and at expected levels. Further activities and investigation will be carried out by several resolver teams which will be scheduled through change management.

Severity 2 Cegedim RX HSCIC National Cegedim RX – Users are experiencing slow performance in EPS 1 and EPS 2. USER IMPACT: Users are experiencing slow performance and delays to routine business processes when using EPS 1 and EPS 2. ACTION BEING TAKEN: Following a restart of application services, traffic has improved for all new EPS messages. However there is a backlog of EPS messages which may cause delays to routine business processes. Cegedim RX to continue to investigate.

**

December 2012

Severity 1 BT Spine HSCIC National Performance issues have been detected with the transaction messaging system (TMS). Also affecting: Choose and Book, GP2GP USER IMPACT: This may cause delays to routine business processes. This may have an effect on all Spine related systems. This includes PDS, Choose and Book, PSIS, SCR, ACF Services. ACTION BEING TAKEN: This has been resolved but BT are currently monitoring performance. Further investigation is required by BT into the root cause.

**

Severity 2 GDIT – CQRS HSCIC National DTS has not processed a CQRS payment file. CQRS Also affecting: GPES USER IMPACT: This is causing delays to routine business processes. ACTION BEING TAKEN: GDIT are currently developing a fix which will be rolled out tomorrow evening, pending successful testing.

Severity 2 BT Spine HSCIC National Users have experienced intermittent issues with the creation and cancellation of smartcards in CMS [Card Management Service for managing smartcards]. CMS USER IMPACT: This is intermittently causing delays to routine business processes as some users have been unable to create, cancel, cut or print cards in CMS. ACTION BEING TAKEN Users may experience issues with the creation and cancellation of cards in CMS. BT have identified a fix for the issue which is currently undergoing testing prior to deployment into the live environment.

**

Severity 2 BT Spine HSCIC National The maternity browser was unavailable within NN4B. RESOLUTION: BT identified a problematic server which was recycled to restore system functionality.

**

Spine scheduled outage for essential maintenance activity.

During critical work to migrate to a new storage solution on Spine an issue was experienced on the Transaction Messaging Service (TMS) in September of this year. The issue resulted in BT failing over the TMS database from its usual site on Live B to Live A to restore service. The failover was completed well within the Service Level Agreement and no detrimental long term impacts to the service were incurred.

On the 15th January 2014 between approximately 22:00-23:30, HSCIC, in conjunction with BT, are planning to relocate the TMS database back to Live B, this is for several critical reasons:

The issues experienced, which prompted the failover, are fully resolved and will not be experienced again as the storage migration work is now complete.

The Spine service is designed to operate with all databases running on Live B so this work supports the optimum configuration for the service.

Most critically the transition for all data on Spine to Spine2 has been designed to operate from a standby site with no live databases on it. Therefore to support the Spine2 transition this work is absolutely essential.

In order to facilitate a safe relocation of the database a 1.5 hour outage is required to TMS. The impact of this to Spine is significant and results in effectively an outage for Spine and its interfaces to connecting systems for that period. The time and date is aimed at the lowest times of utilisation for Spine, to minimise impact to end users, as well as not impacting critical batch processing and Choose & Book slot polls.

Date & Time

Change Start

Change Finish

Services Affected

Outage Duration

15/01/2013 22:00

15/01/2013 23:30

Transaction Messaging Service (TMS)

1.5 hours

Service

Impact Description

Choose and Book

The Choose and Book service will be available but functionality will be limited until the TMS database has switched over.Users of the web application will experience limited retrievals during the outage window.The system will not be able to create shared-secret for patients who have not been referred via Choose and Book before.Service Providers will be unable to:

For directly bookable services the following functionality will be unavailable:

Booking appointments

Rearranging appointments

Creating new patient accounts

Choose & Book systems will need to queue the messages and resend to Spine once the TMS service is enabled.

Due to the timing of the outage slot polls will not be affected.

Summary Care Record application (SCRa)

The SCRa application will be available but functionality will be limited until the TMS database has switched over.Simple traces can be completed on PDS data but users will be unable to perform any PSIS updates (e.g. GP summary updates)

DSA

The DSA application will be available but functionality will be limited until the TMS database has switched over.Simple traces can be completed on PDS data but users will be unable to perform any PSIS updates (e.g. GP summary updates).

Electronic Prescription Service (EPS)Pharmacy Systems

Reliable messaging will be unavailable for the duration of the switchover work as the TMS service will be suspended dual site. All messages received from EPS systems will be rejected and not go into retry.EPS systems will need to queue the messages and resend to Spine once the TMS service is enabled.

EPS Batch

The PPA response for any “claim” messages will not be sent to PPA/PPD. However, EPS will send those response(s) again when the retry jobs are re-activated after the switchover exercise is over.Response for any “claim” messages will not be received until after the switchover. Retry jobs will resend the responses once the TMS service is enabled.

Existing Service Providers (ESPs)

There will be varying impacts depending on the product, release version and Spine compliant modules of the solution.ESP systems will need to queue the messages and resend to Spine once the TMS service is enabled.

GP2GP

GP2GP will be unavailable until the TMS database has switched over.GP2GP systems will need to queue the messages and resend to Spine once the TMS service is enabled.

GP Extraction Service (GPES)

GPES functionality will be unavailable until the TMS database has switched over.Messages will be queued on Spine and processed once the TMS service is restored.

GP Systems

Functionality for Choose & Book, EPS and GP2GP, SCR will be limited until the TMS database has switched over.For Choose & Book directly bookable services the following functionality will be unavailable:

Booking appointments

Rearranging appointments

Creating new patient accounts

Systems will need to queue the messages and resend to Spine once the TMS service is enabled.

iPM/Lorenzo

The real-time connection to Spine will be unavailable during the TMS outage. However both systems can be disconnected from Spine and operate without synchronised PDS data.iPM/Lorenzo will need to queue the messages and resend to Spine once the TMS service is enabled.

Millennium

An outage of PDS reliable messaging will impact Millennium users.Users will be unable to:

trace patients

register new patients on PDS

book or reschedule appointments

Millennium will need to queue the messages and resend to Spine once the TMS service is enabled.

NN4B

Trusts will need to be aware that during the outage NHS numbers cannot be generated, new-births cannot be registered and blood-spot labels cannot be generated and should plan accordingly.All birth notifications will be queued and processed once the TMS service is enabled.

Personal Demographics Service (PDS)

Simple traces can be completed on PDS data.PDS reliable messaging will be unavailable until the TMS database has switched over.

RiO

Users will be unable to:

trace patients

register new patients

book or reschedule appointments

The RiO system will need to queue the messages and resend to Spine once the TMS service is enabled.

TMS Event Service (TES)

The majority of TES functionality will be unavailable during the outage.Trusts will need to be aware EPS, Death notifications, and Patient Care Provision Notifications (change of pharmacy) will be queued and sent to the receiving systems once the TMS service is restored.Any impacted notifications will be queued and sent to the receiving systems once TMS is restored.

TMS Batch (DBS, CHRIS, ONS)

DBS will be unavailable until the TMS database has switched over (DBS processing will be suspended for the duration of the exercise).As the TMS switchover will be scheduled to start at 22:00, CHRIS batch should complete before the outage starts (CHRIS batch runs at 20:00 nightly).ONS processing will start at 18:00 nightly. If it doesn’t complete before 22:00, the messages will be queued and processed once the TMS service is restored.

**

Severity 2 BT Spine HSCIC National Users are unable to grant worklist items within UIM. USER IMPACT: This is causing delays to routine business processes as users are unable to complete their worklist items within the UIM application. ACTION BEING TAKEN: BT investigating.

**

Severity 1 BT Spine HSCIC National The EPS database is currently experiencing severe degradation of performance. USER IMPACT: Delays to routine business processes. ACTION BEING TAKEN: BT engineers currently investigating with the database application support team.

Comment

David Nicholson is right. The NHS has become dependent on systems such as the Spine. But can doctors ever trust any aspect of the safety of patients to systems that are not available 24×7 as they need to be in a national health service?

It appears that BT and other suppliers have not been in breach of service level agreements, and the HSCIC has a good relationship with the companies. But does the HSCIC have too great an interest in not finding fault with its suppliers or the contracts, for finding fault could draw attention to any defects in a service for which the HSCIC is responsible?

Have national NHS IT suppliers a strong enough commercial or reputational interest in avoiding a disruption or loss of service, so long as they keep within their service level agreements?

If nobody sees anything wrong with the reliability of existing national NHS IT services improvements are unlikely. Diane Vaughan’s book on the culture and organisation of NASA shows that experts in a big organisation can do everything right according to the rules and procedures – and still have a disastrous outcome.